package jersey;

import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import rightsmanagement.RightsService;
import superkigav.shared.rightsmanagement.ApplicationFunction;
import superkigav.shared.rightsmanagement.IRights;
import superkigav.shared.rightsmanagement.UserTicket;

@Path("/rights")
public class RightsServer implements IRights {

	@POST
	@Path("/authenticate")
	@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
	public UserTicket authenticate(@FormParam("username") String username,
			@FormParam("password") String password) {
		UserTicket result = null;

		result = new RightsService().authenticate(username, password);

		return result;
	}

	@POST
	@Path("/isAccessPermitted")
	@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
	public boolean isAccessPermitted(@FormParam("user") UserTicket user,
			@FormParam("functionToAccess") ApplicationFunction functionToAccess) {

//		boolean result = false;
//		if (user.getUserName().equals("Eltern")) {
//			result = (functionToAccess.getFunctionName()
//					.equals("Kind einschreiben"));
//		}
//		if (user.getUserName().equals("Admin")) {
//			result = true;
//		}
		boolean result = new RightsService().isAccessPermitted(user, functionToAccess);
		return result;
	}

}
